• chattr lsattr linux file system attributes


    我们使用 linux 文件系统定义的文件属性,能够对linux文件系统进行进一步保护;从而给文件 赋予一些额外的限制;在有些情况下,能够对我们的系统提供保护;

    该命令特定用于 linux  extended filesystem (ext2, ext3, ext4),是e2fsprogs 工具的一部分;而e2fsprogs 工具包,包含了创建,检查和维护ext2/3/4-based 文件系统的工具。其也包含badblocks等用于检查文件系统坏块的工具。

    chattr命令用来改变文件属性。这项指令可改变存放在ext2文件系统上的文件或目录属性,这些属性共有以下8种模式:详细作用,可以查看man手册;注意该属性不是linux文件系统扩展属性。

    a:让文件或目录仅供附加用途;
    b:不更新文件或目录的最后存取时间;
    c:将文件或目录压缩后存放;
    d:将文件或目录排除在倾倒操作之外;
    i:不得任意更动文件或目录;
    s:保密性删除文件或目录;
    S:即时更新文件或目录;
    u:预防意外删除。
     lsattr - list file attributes on a Linux second extended file system

    比如你可以给 /etc/passwd 文件进行修改,这样就是连root用户都不能更改它的代码;

    File attributes on a Linux file system according to the chattr(1) Linux man page (该表格转载自维基百科)
    Attributelsattr flagchattr optionSemantics and rationale
    Compressed dirty file Z (unavailable)
    • The Z attribute is used by the experimental compression patches to indicate a compressed file is "dirty".
    Compression raw access X (unavailable)
    • The X attribute is used by the experimental compression patches to indicate that a raw contents of a compressed file can be accessed directly.
    Undeletable u +u to set
    -u to clear[note 2]
    • When a file with the u attribute set is deleted, its contents are saved.
    • This allows the user to ask for its undeletion.
    Top of directory hierarchy T +T to set
    -T to clear
    • A directory with the T attribute will be deemed to be the top of directory hierarchies for the purposes of the Orlov block allocator.
    • This is a hint to the block allocator used by ext3 and ext4 that the subdirectories under this directory are not related, and thus should be spread apart for allocation purposes.
    • For example: it is a very good idea to set the T attribute on the /home directory, so that /home/john and /home/mary are placed into separate block groups.
    • For directories where this attribute is not set, the Orlov block allocator will try to group subdirectories closer together where possible.
    No tail-merging t +t to set
    -t to clear
    • For those filesystems that support tail-merging, a file with the t attribute will not have a partial block fragment at the end of the file merged with other files.
    • This is necessary for applications such as LILO, which reads the filesystem directly and doesn't understand tail-merged files.
    Synchronous updates S +S to set
    -S to clear
    • When a file with the S attribute set is modified, the changes are written synchronously on the disk; this is equivalent to the 'sync' mount option applied to a subset of the files.
    • This is equivalent to the sync mount option, applied to a subset of the files.
    Secure deletion s +s to set
    -s to clear[note 2][note 5]
    • When a file with the s attribute set is deleted, its blocks are zeroed and written back to the disk.
    Data journaling j +j to set
    -j to clear[note 4]
    • A file with the j attribute has all of its data written to the ext3 journal before being written to the file itself, if the filesystem is mounted with the "data=ordered" or "data=writeback" options.
    • When the filesystem is mounted with the "data=journal" option all file data is already journaled, so this attribute has no effect.
    Indexed directory I (unavailable)
    • The I attribute is used by the htree program code to indicate that a directory is being indexed using hashed trees.
    Immutable i +i to set
    -i to clear[note 1]
    • A file with the i attribute cannot be modified.
    • It cannot be deleted or renamed, no link can be created to this file and no data can be written to the file.
    • When set, prevents, even the superuser, from erasing or changing the contents of the file.
    Huge file h (unavailable)
    • The h attribute indicates the file is storing its blocks in units of the filesystem blocksize instead of in units of sectors.
    • It means that the file is, or at one time was, larger than 2TB.
    Compression error E (unavailable)
    • The E attribute is used by the experimental compression patches to indicate that a compressed file has a compression error.
    Extent format e (unavailable)
    • The e attribute indicates that the file is using extents for mapping the blocks on disk.
    Synchronous directory updates D +D to set
    -D to clear
    • When a directory with the D attribute set is modified, the changes are written synchronously on the disk
    • This is equivalent to the dirsync mount option, applied to a subset of the files.
    No dump d +d to set
    -d to clear
    • A file with the d attribute set is not candidate for backup when the dump program is run.
    No Copy-on-Write (CoW) C +C to set
    -C to clear[note 3]
    • A file with the C attribute will not be subject to Copy-on-Write updates.
    • Updates to these files may not be subject to atomic snapshots, and may lack some reliability information on some filesystems and kernels.
    Compressed c +c to set
    -c to clear[note 2]
    • A file with the c attribute set is automatically compressed on the disk by the kernel.
    • A read from this file returns uncompressed data.
    • A write to this file compresses data before storing them on the disk.
    No atime updates A +A to set
    -A to clear
    • When a file with the A attribute set is accessed, its atime record is not modified.
    • This avoids a certain amount of disk I/O operations.
    Append only a +a to set
    -a to clear[note 1]
    • A file with the a attribute set can only be open in append mode for writing.
    Version / generation number -v -v version
    • File's version/generation number.

    参考链接:

    https://en.wikipedia.org/wiki/Chattr (上述表格来自于此)

    http://c.biancheng.net/view/874.html 

    https://www.runoob.com/linux/linux-comm-chattr.html 

    https://www.runoob.com/linux/linux-comm-lsattr.html 

    https://www.cnblogs.com/ftl1012/p/chattr.html 

    保持更新,更多内容请关注 cnblogs.com/xuyaowen; 获取更多内容;

    关于文件系统扩展属性内容,请参考:Linux 文件系统扩展属性 

  • 相关阅读:
    Sliding Window
    方程的解数
    [JLOI2011]不重复数字
    A−B数对
    2007年分区联赛提高组之一 统计数字
    Magic Squares 魔板 (BFS+HASH)
    集合(normal)
    Place the Robots
    LoadRunner监控Linux
    CentOS6.3(64位)下安装Oracle11gR2(64)服务器
  • 原文地址:https://www.cnblogs.com/xuyaowen/p/chattr-lsattr.html
Copyright © 2020-2023  润新知